Privacy Policy
Folder Suggest ("we", "our", "the add-in") is an Outlook add-in which uses on-device AI to suggest the best Outlook folder for each email you read. This policy explains what data we access, how it is used, and your rights as a user.
1. Who We Are
Folder Suggest is an independent add-in and is not affiliated with Microsoft Corporation. For any privacy-related enquiries, contact us at hello@foldersuggest.com.
2. Data Accessed Locally (Never Sent to Our Servers)
To provide folder suggestions, the add-in accesses the following data from your Microsoft 365 account via the Microsoft Graph API. This data is processed entirely on your device and is never transmitted to our servers:
- The subject line, sender address, and a portion of the body (up to 1,000 characters) of the currently selected email — used locally to generate a folder suggestion
- The names and IDs of your mail folders
- Subject lines and sender addresses of recent emails in your folders (used to compute local similarity scores)
This data is processed in real time on your device. None of it is transmitted to our servers, and the currently selected email's data is not retained after the add-in session ends.
3. Data We Collect on Our Servers
We collect the following data on our servers (hosted on Cloudflare) to operate the service, enforce usage limits, and diagnose issues. No email content, folder names, or email body text is ever sent to our servers.
| Data | Purpose |
|---|---|
| Microsoft Entra ID object identifier (a UUID assigned to your account by Microsoft) | Persistent user identification; key for your usage record |
| Email address(es) associated with your Microsoft account (including aliases) | User identification; early-user eligibility for free plan |
| First-seen and last-seen timestamps; count of distinct active days | Usage analytics; early-user identification |
| Move count (total lifetime; today's count) | Enforcing freemium usage limits; product analytics |
| Suggestions shown count | Product analytics and quality measurement |
| Outlook client surface identifier (e.g. "Outlook-Outlook", "Outlook-Web") | Compatibility diagnostics; bug triage by platform |
| Session lifecycle phase (e.g. "init", "auth", "ready") | Diagnosing session failures and drop-offs |
| Error category, sanitized error message (PII redacted server-side), timestamp, and source | Bug diagnosis; service reliability |
| Error count; throttle-recovery count | Monitoring service health and Microsoft Graph reliability |
PII sanitization: Error messages are automatically sanitized on our server before storage — email addresses are replaced with [redacted-email] and file paths are replaced with [redacted-path]. Messages are truncated to 200 characters.
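As an added illustration (not the add-in's own code), the following JavaScript shows a server-side sanitizer that applies the rules described above: email addresses become [redacted-email], file paths become [redacted-path], and the result is truncated to 200 characters. The function name, the regular expressions and the sample messages are assumptions constructed for this example.

```javascript
// Added example of the redaction-then-truncation rule described in the policy.
// Not Folder Suggest's own code; names and patterns are assumptions.

const MAX_MESSAGE_LENGTH = 200;

// Common email shape; deliberately broad rather than a full RFC 5322 grammar,
// because for redaction a false positive is cheaper than a miss.
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;

// POSIX absolute paths, Windows drive paths and file:// URLs. The lookbehind
// stops the "/" inside an https:// URL from being treated as a path start.
const PATH_RE = /(?<![\w:\/])(?:file:\/\/|[A-Za-z]:\\|\/)[^\s'"`<>()\[\]]+/g;

function sanitizeErrorMessage(raw) {
  const text = String(raw ?? '');
  // Redact BEFORE truncating: truncating first could leave a partial address
  // such as "alice@examp" that the email pattern no longer matches, so the
  // fragment would reach storage unredacted.
  const redacted = text
    .replace(EMAIL_RE, '[redacted-email]')
    .replace(PATH_RE, '[redacted-path]');
  return redacted.length > MAX_MESSAGE_LENGTH
    ? redacted.slice(0, MAX_MESSAGE_LENGTH)
    : redacted;
}

// Constructed sample messages, as a diagnostics endpoint might receive them.
const SAMPLE_MESSAGES = [
  'Failed to move message for alice@example.com to folder',
  "ENOENT: no such file, open '/Users/alice/Library/cache.json'",
  'Cannot read C:\\Users\\bob\\model.bin',
  'GET https://graph.microsoft.com/v1.0/me/mailFolders failed with 429',
];

function sanitizeAll(messages) {
  return messages.map(sanitizeErrorMessage);
}
```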
What we do NOT collect: We do not collect email content, email subjects, email body text, folder names, attachment data, IP addresses (beyond what Cloudflare processes transiently as part of CDN delivery), browser fingerprints, or advertising identifiers.
4. How Data Is Processed
All AI processing happens entirely on your device. The add-in loads a small AI model (~23 MB) from our own servers and runs it locally inside Outlook's browser environment. Your email content is never sent to our servers or to any third-party AI service for processing.
Server-side data collection occurs through three API endpoints:
- Identity tracking — called once per calendar day (deduplicated client-side) to record that the add-in was opened and to associate your email address(es) with your account.
- Folder tracking — called each time you move an email to a folder, to count usage for freemium limit enforcement. Returns your current usage count so the add-in can display remaining moves.
- Diagnostics — called on session lifecycle transitions (e.g. authentication complete, ready state), on errors, and when suggestions are displayed. Uses keepalive: true on the final call so session-end data is captured even if the add-in closes.
All analytics calls are fire-and-forget from the client — failures are silently ignored and never affect the add-in's core functionality.
5. Data Storage and Retention
Server-side records (Cloudflare D1): All server-side data described in Section 3 is stored in Cloudflare D1 (a serverless SQL database), keyed by your Microsoft Entra ID object identifier. These records are retained as follows:
- Identity and usage data (email addresses, timestamps, move counts): retained for as long as your account is active, or until you request deletion.
- Diagnostic data (last error, session phase, platform info): overwritten on each new event (only the most recent value is kept). Error and throttle counts are cumulative but contain no content.
If you do not use the add-in for an extended period, we may delete your record. You can also request deletion at any time (see Section 9).
IndexedDB (local folder cache): To speed up future suggestions, the add-in caches the following data locally in your browser's IndexedDB storage for up to 30 days:
- Folder names and IDs
- Numerical embedding vectors representing each folder's content
- Sender email addresses and sender domains extracted from recent emails in each folder
This cache remains entirely on your device and is never transmitted to our servers. It is automatically cleared when it expires (30 days), when you uninstall the add-in, or when you clear your browser storage.
localStorage (authentication and deduplication): The Microsoft Authentication Library (MSAL) stores OAuth tokens — including your account identifier and access credentials — in your browser's localStorage. This is standard browser-based OAuth behaviour. Additionally, a simple flag is stored to deduplicate the daily identity call. These values contain no email content and are scoped to app.foldersuggest.com. Access tokens expire after approximately 60 minutes; refresh tokens are managed by Microsoft.
6. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal bases for processing are:
- Contract performance (Article 6(1)(b) GDPR): Processing your Microsoft account identifier and move counts is necessary to provide the service you have requested, including enforcing freemium usage limits that form part of the service's terms.
- Legitimate interests (Article 6(1)(f) GDPR): Collecting diagnostic data (errors, platform info, session phase) and usage analytics (active days, timestamps) serves our legitimate interest in maintaining service reliability, diagnosing bugs, and understanding product adoption. We have assessed that this processing is proportionate and does not override your rights, given that: (a) no email content is collected; (b) diagnostic data is minimal and PII-sanitized; (c) data is used solely for internal service improvement; and (d) you can object at any time (see Section 9).
You have the right to object to processing based on legitimate interests at any time (see Section 9).
7. Microsoft Graph API and Authentication
The add-in uses Microsoft's OAuth 2.0 identity platform (Microsoft Entra ID, formerly Azure Active Directory) to authenticate you. During sign-in, Microsoft provides your account identifier (object ID), email address, and display name in the identity token. We use the object ID and email address as described in Section 3. We do not store or use your display name. We explicitly request only the minimum Graph API permissions needed:
- Mail.Read — to read email subjects, senders, and body text, and to list your mail folders
- Mail.ReadWrite — to move emails to the selected folder
8. Third-Party Services (Sub-processors)
The following third parties process data in connection with the add-in:
- Cloudflare, Inc. (USA) — Hosts the add-in (Cloudflare Pages) and stores server-side usage/diagnostic records (Cloudflare D1). Cloudflare also transiently processes standard web request metadata (IP address, user-agent, TLS information) as part of its CDN and DDoS protection services; we do not access or store this metadata. See Cloudflare's privacy policy and Cloudflare's DPA.
- Microsoft Corporation (USA) — Provides authentication (Microsoft Entra ID) and mailbox access (Microsoft Graph API). Data exchanged with Microsoft is governed by Microsoft's privacy statement.
The AI model (~23 MB) is served directly from our own Cloudflare Pages hosting and cached in your browser after the first load. No third-party AI service is contacted. The model was originally sourced from Hugging Face under the Apache 2.0 licence but is bundled with and served entirely by our own infrastructure — your device does not contact Hugging Face.
9. Your Rights
For all users:
- Stop using the add-in: Uninstall at any time via Outlook's add-in manager. This immediately revokes access to your mailbox.
- Delete local data: Clear your browser's IndexedDB and localStorage for app.foldersuggest.com to remove local caches and tokens.
- Revoke Microsoft permissions: Visit myapps.microsoft.com to revoke the add-in's access to your Microsoft account.
- Request deletion of your server-side record: Email hello@foldersuggest.com and we will delete your entire server-side record within 30 days.
- Request a copy of your data: Email hello@foldersuggest.com and we will provide a machine-readable export of your server-side record within 30 days.
Additional rights under GDPR (EEA/UK/Switzerland residents):
- Right to object (Article 21): You may object to processing based on legitimate interests at any time by emailing hello@foldersuggest.com. Upon receiving your objection, we will cease processing diagnostic and analytics data for your account unless we can demonstrate compelling legitimate grounds that override your interests. Freemium usage counting (necessary for service delivery) will continue unless you uninstall the add-in.
- Right to rectification: If your stored data is inaccurate, contact us to correct it.
- Right to restriction: You may request that we restrict processing of your data while a dispute is resolved.
- Right to data portability (Article 20): You may request your data in a structured, machine-readable format.
- Right to lodge a complaint: You may file a complaint with your local data protection authority.
Additional rights under CCPA (California residents):
- Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected.
- Right to delete: You may request deletion of your personal information.
- No sale of personal information: We do not sell, and have never sold, personal information to third parties.
- No discrimination: We will not discriminate against you for exercising your CCPA rights.
10. International Data Transfers
Your server-side data is stored in Cloudflare D1, which may replicate data across Cloudflare's global network including locations outside the EEA. Cloudflare maintains appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs). Our data processing relationship with Cloudflare is governed by Cloudflare's Data Processing Addendum (DPA), which incorporates the EU Standard Contractual Clauses.
11. Children's Privacy
This add-in is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect data from children. If you believe a child has used this add-in, please contact us and we will delete the associated data.
12. Security
All communication between the add-in and our servers, and between the add-in and Microsoft Graph, is encrypted via HTTPS/TLS. Server-side API endpoints enforce CORS restrictions limiting requests to our production domain only. Error messages are sanitized server-side to remove PII before storage. Because we do not store email content on our servers, there is no server-side data breach risk for your email content. In the event of a breach affecting the data described in Section 3, we will notify affected users and relevant authorities as required by applicable law.
13. Disclaimer and Limitation of Liability
This add-in is provided "as is" without warranty of any kind, express or implied. To the maximum extent permitted by applicable law, the developer shall not be liable for any indirect, incidental, or consequential damages arising from your use of the add-in, including but not limited to any loss of data or email misplacement. You use the add-in at your own discretion.
14. Changes to This Policy
We may update this policy from time to time to reflect changes in the add-in or applicable law. The "last updated" date at the top of this page will be updated accordingly. If we make material changes to the types of data collected or the purposes of processing, we will notify users via the add-in interface or by email where possible. Continued use of the add-in after a policy change constitutes acceptance of the updated policy.
15. Contact
For any questions about this privacy policy, to exercise your rights, or for any data-related request, please contact us at hello@foldersuggest.com. We aim to respond within 14 days and no later than 30 days as required by applicable law.